What is the algorithm name for PKCS#5 PBKDF1 in ja

2019-03-22 08:34发布

问题:

I have a couple of questions in using cryptography. I am using AES

Question 1:

I am trying to Use the SecretKeyFactory class in . I am trying to get instance related to PBKDF1 PKCS#5. I am new to cryptography. I tried online but Iam not able to find any such algorithm. Does support it. I want some thing like this.

    SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF1Pkcs#5");
    KeySpec spec = new PBEKeySpec(password, salt, 1, 128);

Question 2:

Does the above two lines of code do the same thing as the below lines of code in c++

::PKCS5_PBKDF1 <::MD5> fn;
fn.DeriveKey(key, CRYPTO::MD5::DIGESTSIZE, 0, key.getBytes(), salt.getBytes(), salt.size(), PBKDF1_ITERATIONS,time_in_seconds);

If not can some one give some thing in which can mimic what the above lines of c++ code do.

Thanks

回答1:

Re: Question 1

Per the Java 6 API docs for SecretKeyFactory,

Application developers should refer to their provider's documentation to find out which key specifications are supported by the generateSecret and getKeySpec methods. For example, the DES secret-key factory supplied by the "SunJCE" provider supports DESKeySpec as a transparent representation of DES keys, and that provider's secret-key factory for Triple DES keys supports DESedeKeySpec as a transparent representation of Triple DES keys.

If we look at the SunJCE provider documentation for PKCS, we see...

PBEWithMD5AndDES: The password-based encryption algorithm as defined in: RSA Laboratories, "PKCS #5: Password-Based Encryption Standard," version 1.5, Nov 1993. Note that this algorithm implies CBC as the cipher mode and PKCS5Padding as the padding scheme and cannot be used with any other cipher modes or padding schemes.

Re: Question 2

In the same document, in the section Using Password-Based Encryption, you will find the following sample code. Keep in mind that the sample code uses a static salt, but a secure implementation would use generate a random salt each time the user changes their password.

PBEKeySpec pbeKeySpec;
PBEParameterSpec pbeParamSpec;
SecretKeyFactory keyFac;

// Salt
byte[] salt = {
    (byte)0xc7, (byte)0x73, (byte)0x21, (byte)0x8c,
    (byte)0x7e, (byte)0xc8, (byte)0xee, (byte)0x99
};

// Iteration count
int count = 20;

// Create PBE parameter set
pbeParamSpec = new PBEParameterSpec(salt, count);

// Prompt user for encryption password.
// Collect user password as char array (using the
// "readPasswd" method from above), and convert
// it into a SecretKey object, using a PBE key
// factory.
System.out.print("Enter encryption password:  ");
System.out.flush();
pbeKeySpec = new PBEKeySpec(readPasswd(System.in));
keyFac = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
SecretKey pbeKey = keyFac.generateSecret(pbeKeySpec);

// Create PBE Cipher
Cipher pbeCipher = Cipher.getInstance("PBEWithMD5AndDES");

// Initialize PBE Cipher with key and parameters
pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParamSpec);

// Our cleartext
byte[] cleartext = "This is another example".getBytes();

// Encrypt the cleartext
byte[] ciphertext = pbeCipher.doFinal(cleartext);

Other Algorithms

Again, from the same page. Really, I recommend you read through the whole thing, as it will probably answer other questions you have, as well

PBEWith<digest>And<encryption> or PBEWith<prf>And<encryption>: Secret-key factory for use with PKCS #5 password-based encryption, where <digest> is a message digest, <prf> is a pseudo-random function, and <encryption> is an encryption algorithm. Examples: PBEWithMD5AndDES (PKCS #5, v 1.5) and PBEWithHmacSHA1AndDESede (PKCS #5, v 2.0). Note: These both use only the low order 8 bits of each password character.